In the early morning of July 2, 2020, the official Twitter account of the Situation and Crisis Center Department (DSCC) of the Russian Foreign Ministry was compromised. As a result, for over 12 hours, the account advertised the sale of a database containing data on Russians.
The unknown attackers who hacked the Foreign Ministry account published two messages stating that they were selling the database “Tourists base of the EPGU relevance June 2020 payments abroad”. This apparently referred to tourists who are abroad and receive payments from Russia through the Unified Portal of Public Services. The hackers noted that "the authenticity of the database is confirmed by this tweet, as well as access to certain accounts."
The attackers priced the dump, which contains 115,000 lines, at 66 bitcoins, that is, about 42 million rubles, and left a Jabber account for contact in their unusual “announcement”.
The attackers' messages have since been deleted (an archived version can be seen here), and the Foreign Ministry has regained control of the account. Ministry spokeswoman Maria Zakharova told the publication "Rise" that the account had indeed been hacked and that access could not be restored quickly. Soon afterwards, an official comment about the incident appeared on Twitter.
Dear readers and subscribers, we inform you about the elimination of the consequences of the hacking of our account by cybercriminals, who published this morning, July 2 of this year, in the DSCC feed "fakes" that have nothing to do with the Russian Foreign Ministry. The account is functioning normally.
– Russian Foreign Ministry 🇷🇺 DSCC (@MID_travel) July 2, 2020
“Once again, we see how state bases merge with the network with sensitive data from citizens. We have repeatedly drawn attention to the fact that the collection, storage and use by a wide range of individuals of data, including biometrics, is beyond public control and the accumulation of such confidential information, especially in the most centralized form, poses multiple risks, including leaks. Unfortunately, government agencies are doing practically nothing to correct this acute problem, moreover, they are exacerbating it by introducing more and more new grounds for collecting and uncontrolled accumulation of an increasing amount of personal data,” commented Artem Kozlyuk, head of RosKomSvoboda.
Ashot Hovhannisyan, the head of DeviceLock, writes in his Telegram channel that the hackers are probably advertising the database about which rumors have circulated since June of this year. In the spring, ads began to appear on hacker forums for the sale of databases of Russians located abroad and awaiting evacuation to their homeland. It was alleged that the database was current as of June 2020 and contained approximately 115,000 lines. The hackers priced that database at the same fabulous sum: 66 bitcoins.
Interestingly, RBC journalists tried to contact citizens whose data appeared in the screenshots published by the attackers, but one of the 34 numbers did not answer, and most of them turned out to be invalid. Given that no evidence other than the screenshots was provided, and given the unreasonably high price of the database, Hovhannisyan writes that the database is most likely fake.